Hi, I assume, with no responses, there isn't this capability, so I have created [1] to build a PoC. best Regards Ian
1 https://issues.apache.org/jira/browse/SLING-6979 On 21 June 2017 at 10:10, Ian Boston <i...@tfd.co.uk> wrote: > Hi, > Does Sling already have a generic mechanism that would support generating > something like an AWS policy signature [1] ? > > Obviously, an AWS policy signature is an implementation detail that I > would expect would be hidden behind a SPI. The flow I am thinking of is: > > 1. http client requests authorization to perform an operation on a remote > service. > 2. Sling responds with some data that represents authorization the remote > service understands. > 3. http client uses the authorisation to perform the operation. > 4. remote service validates the authorisation. > > I am thinking Sling would respond to step 1 with a servlet bound to a node > with a resource type, that node containing some configuration. > > I know this sounds like an OAuth flow, and OAuth would be 1 > implementation, but there are others that dont use OAuth, like AWS[1]. > > Does Sling have this already or is it something that I would need to > explore in a whiteboard subtree ? > > Best Regards > Ian > > 1 http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html > > > > > >